Mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/wukko/cobalt.git synced 2024-07-01 11:26:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

make stream salt change on every server start

Browse source
This commit is contained in:
wukko 2023-04-29 17:40:08 +06:00
parent 8f27876aee
commit d8e9fc16d0
3 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/cobalt.js
View file

@ -3,6 +3,9 @@ import "dotenv/config";
import express from "express";
import cors from "cors";
import rateLimit from "express-rate-limit";
import { randomBytes } from "crypto";
process.env.streamSalt = randomBytes(64).toString('hex');
import path from 'path';
import { fileURLToPath } from 'url';

3
src/modules/setup.js
View file

@ -1,4 +1,3 @@
import { randomBytes } from "crypto";
import { existsSync, unlinkSync, appendFileSync } from "fs";
import { createInterface } from "readline";
import { Cyan, Bright, Green } from "./sub/consoleText.js";
@ -6,7 +5,7 @@ import { execSync } from "child_process";
let envPath = './.env';
let q = `${Cyan('?')} \x1b[1m`;
let ob = { streamSalt: randomBytes(64).toString('hex') }
let ob = {}
let rl = createInterface({ input: process.stdin, output: process.stdout });
let final = () => {

5
src/modules/stream/manage.js
View file

@ -5,7 +5,6 @@ import { sha256 } from "../sub/crypto.js";
import { streamLifespan } from "../config.js";
const streamCache = new NodeCache({ stdTTL: streamLifespan/1000, checkperiod: 10, deleteOnExpire: true });
const salt = process.env.streamSalt;
streamCache.on("expired", (key) => {
streamCache.del(key);
@ -14,7 +13,7 @@ streamCache.on("expired", (key) => {
export function createStream(obj) {
let streamID = nanoid(),
exp = Math.floor(new Date().getTime()) + streamLifespan,
ghmac = sha256(`${streamID},${obj.ip},${obj.service},${exp}`, salt);
ghmac = sha256(`${streamID},${obj.ip},${obj.service},${exp}`, process.env.streamSalt);
if (!streamCache.has(streamID)) {
streamCache.set(streamID, {
@ -47,7 +46,7 @@ export function verifyStream(ip, id, hmac, exp) {
let streamInfo = streamCache.get(id);
if (!streamInfo) return { error: 'this stream token does not exist', status: 400 };
let ghmac = sha256(`${id},${ip},${streamInfo.service},${exp}`, salt);
let ghmac = sha256(`${id},${ip},${streamInfo.service},${exp}`, process.env.streamSalt);
if (String(hmac) === ghmac && String(exp) === String(streamInfo.exp) && ghmac === String(streamInfo.hmac)
&& String(ip) === streamInfo.ip && Number(exp) > Math.floor(new Date().getTime())) {
return streamInfo;